General
-
Target
2a8c76c149b7b31f27e2533ecbba80bf_JaffaCakes118
-
Size
688KB
-
Sample
241009-en4hhavblp
-
MD5
2a8c76c149b7b31f27e2533ecbba80bf
-
SHA1
2036898e4b4eb8a5740e1eb090f6ae61483c5fae
-
SHA256
b63b9ab36b8e6fcaf0c5455c09c76d4db231fdc0fe0077c227b9d61d4a6cd624
-
SHA512
f800af2deefa1f4cb620325c8046590ec48b3fb4240fc1bd660d7ee38646d8d451d75baf0a882b00a000ce2590c01824597d244586a3d7b7860ef0e29d19629e
-
SSDEEP
12288:6F0rjvmwGruGzL8LcKsgMxOYctIg5x4zs0XmVSu/nX1ns4t:6FYT4rnLWFMxnctIgcs0Xi/X6
Malware Config
Targets
-
-
Target
2a8c76c149b7b31f27e2533ecbba80bf_JaffaCakes118
-
Size
688KB
-
MD5
2a8c76c149b7b31f27e2533ecbba80bf
-
SHA1
2036898e4b4eb8a5740e1eb090f6ae61483c5fae
-
SHA256
b63b9ab36b8e6fcaf0c5455c09c76d4db231fdc0fe0077c227b9d61d4a6cd624
-
SHA512
f800af2deefa1f4cb620325c8046590ec48b3fb4240fc1bd660d7ee38646d8d451d75baf0a882b00a000ce2590c01824597d244586a3d7b7860ef0e29d19629e
-
SSDEEP
12288:6F0rjvmwGruGzL8LcKsgMxOYctIg5x4zs0XmVSu/nX1ns4t:6FYT4rnLWFMxnctIgcs0Xi/X6
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Impair Defenses: Safe Mode Boot
-
Loads dropped DLL
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Impair Defenses
1Safe Mode Boot
1Indicator Removal
1File Deletion
1Modify Registry
2